Activity 9 - Part II
XSS ATTACK
PART II
Deadline: 23:59, Thursday Dec 30, 2021
Individual Submission
Grading:
• 30 points are for tasks mentioned in Part 2-A
• 60 points are for the answers to the questions given in Part 2-B.
Part 2-A:
Complete the following steps in the WebGoat Application
(http://localhost:8080/WebGoat/). Use the WebGoat User Account.
Username: guest Password: guest
In the menu along the left-hand side of the screen, select “Cross Site Scripting (XSS)” to
expand the submenu for XSS. The Stage # and Name shown in bold below correspond to
the “Stages” listed in the XSS submenu.
Part 2-B:
1. What happens in a stored XSS attack? Explain using an example from the activity.
2. What are some measures that can be taken to block a stored XSS attack?
3. Explain your observations and understanding of the vulnerability from Part 2-A,
Stage 5 – Reflected XSS.
4. Mention an input validation example that can be implemented to prevent a stored
XSS attack.
5. List some languages that are particularly vulnerable to cross-site scripting.
6. Describe the types of data that are typically listed in cookies on Firefox and Chrome
browsers.
Submit your answers for Part 2-A and 2-B in AYBUZEM.